MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cac67b5ab04de81f69b8f4f882ad22e26672a61ed96d2e1f69d72f59c36bf401. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cac67b5ab04de81f69b8f4f882ad22e26672a61ed96d2e1f69d72f59c36bf401
SHA3-384 hash: f14d99b110a565a64de372dff71f8c7312f8a0f53a22b2a029d6708dcc57d06d3f883246a4625e3ec1c11ab1264a0df0
SHA1 hash: 4186228c2fe422f7b91b02df7dcd01ad461f5a38
MD5 hash: b7c2677756fa6d61737dec4496bf2715
humanhash: coffee-delta-cold-muppet
File name:Remittance Slip 04062020_pdf.exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'136'640 bytes
First seen:2020-06-04 17:32:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 24576:Hwdl0iFKI5n28e2f//9eKoGz1FPzjpZ0IHZHXsQyDkGYnoGH4n:Hwdl0i8028e2fH9e2LjhdXwDQHe
Threatray 3'201 similar samples on MalwareBazaar
TLSH B335124432F47A5ED1BBCD3659620C506EA1386BBF26D24B5C8B10CA546EFC28F50FA7
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: shsmtp.scs-net.org
Sending IP: 213.178.226.251
From: Lanni <lbenmamar@technisangles.fr>
Subject: Re: Wire Transfer USD27000
Attachment: Remittance Slip 04062020_pdf.rar (contains "Remittance Slip 04062020_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 17:36:18 UTC
AV detection:
11 of 31 (35.48%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zldhwwvqjxub62ny6t4ifljc4jthfjq63fws4h3j24xvtq3l6qaq._file
Verdict:
malicious
Similar samples:
29f20793c95925c35611390902e709a7e12562afe8b3c7298c911e5dd9871526
MassLogger
47e006890226bdff31e019f7dbf9f0edc1c46385504186a3819be57cb41d6c2a
MassLogger
49ced6e317fa96af1310ad10e5b71fea0d84e03b42ff0434f11d312ebb62dbcf
MassLogger
6da1c2c7bf56856758eb28da84a033c9dd734aeb7d7177a35a4ab79ccb52812b
MassLogger
6ee9c2dbb4e02add4966f1a720be2c6dd22cb0088fff92aa0e9a6b4d91e85b67
MassLogger
8bc95f1ba65bf54858a20c62bf09e9e39027f8be74369c25401b5e4503b1b553
MassLogger
a2a4fc12990dcf4a9778f96840b49be84f9563edd2b5209b6dac1ffb2ed8e38d
MassLogger
a760f527a357c0102eb9d9ecc6ca76f245d34237b230ce9a38e83ae806ab13cb
MassLogger
d57f6bfd820c84a664edfa6d70259bf8d29763297a33e26557d0c553acd9d22e
MassLogger
dc6eb4d716d3a1c045090d38abe87f80e14ab2bbb997268a2190332fb7563dcb
MassLogger
+ 3'191 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger ransomware rezer0 spyware stealer
Link:
https://tria.ge/reports/201109-jgd6z2f76x/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of web browsers
rezer0
MassLogger
MassLogger Main Payload
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:masslogger_gcch
Create hunting rule
Author:govcert_ch

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

rar 6183a8ed167641bb5818d9ce78c9cae8347c4d995959006796ea613dcec6edf1

MassLogger

Executable exe cac67b5ab04de81f69b8f4f882ad22e26672a61ed96d2e1f69d72f59c36bf401

(this sample)

  
Dropped by
MD5 f67aaed5e32a34176d02c8add8b1616e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6183a8ed167641bb5818d9ce78c9cae8347c4d995959006796ea613dcec6edf1

Comments